28
Android Hook - Xposed Framework [Android Penetration Testing] Elven 2016/06 捝䨗䨝

Android Hook - Xposed Framework (Elven Liu)

Embed Size (px)

Citation preview

Page 1: Android Hook - Xposed Framework (Elven Liu)

Android Hook - Xposed Framework

[Android Penetration Testing] Elven

2016/06

Page 2: Android Hook - Xposed Framework (Elven Liu)

Who am I?• Elven Liu

• HITCON GIRLS [Android Penetration Testing]

[email protected]

• www.linkedin.com/in/liu-elven

mailto:[email protected]?subject=
http://www.linkedin.com/in/liu-elven
Page 3: Android Hook - Xposed Framework (Elven Liu)

Outline

• Zygote

• Xposed Framework

• Hook System Clock

Page 4: Android Hook - Xposed Framework (Elven Liu)

Zygote

Page 5: Android Hook - Xposed Framework (Elven Liu)

Zygote

• =

• zygote system/bin/app_process

• Android Zygote

Page 6: Android Hook - Xposed Framework (Elven Liu)

Activity Service

New Activity Process

Accept Socket Connection

Select fd

Read Argument

Parse Argument

Fork() a app_process

Zygote

Socket

fork() Android

Page 7: Android Hook - Xposed Framework (Elven Liu)

Activity Service

New Activity Process

Accept Socket Connection

Select fd

Read Argument

Parse Argument

Fork() a app_process

Zygote

Fork()

Page 8: Android Hook - Xposed Framework (Elven Liu)

Xposed Framework

Page 9: Android Hook - Xposed Framework (Elven Liu)

• rovo89, Tungstwenty

• Source: https://github.com/rovo89

• Module Repository: http://repo.xposed.info/

• systemui, systemserver…….

http://repo.xposed.info/
Page 10: Android Hook - Xposed Framework (Elven Liu)

• XposedBridge API xposed framework JavaJar Package

• XposeInstall Xposed APP

• Xposed: xposed app_process /system/bin/ app_process .orig

Page 11: Android Hook - Xposed Framework (Elven Liu)

WARNING ROM Xposed Xposed Recovery

Page 12: Android Hook - Xposed Framework (Elven Liu)

Activity Service

New Activity Process

Accept Socket Connection

Select fd

Read Argument

Parse Argument

Fork() a app_process

Zygotecom.android.internal.os.ZygoteInit

Page 13: Android Hook - Xposed Framework (Elven Liu)

Activity Service

New Activity Process

Accept Socket Connection

Select fd

Read Argument

Parse Argument

Fork() a app_process

Zygotede.robv.android.xposed.XposedBridge

Page 14: Android Hook - Xposed Framework (Elven Liu)

Activity Service

New Activity Process

Accept Socket Connection

Select fd

Read Argument

Parse Argument

Fork() a app_process

Zygotede.robv.android.xposed.XposedBridge

Input

Page 15: Android Hook - Xposed Framework (Elven Liu)
Page 16: Android Hook - Xposed Framework (Elven Liu)

Android

XposedInstaller APK (4.0)

URL: http://repo.xposed.info/module/

Xposed Bridge API (54)

URL: http://forum.xda-developers.com/xposed/xposed-api-changelog-developer-news-t2714067

Page 17: Android Hook - Xposed Framework (Elven Liu)

Hook

Static Analysis

Hook

Find Target APK

Page 18: Android Hook - Xposed Framework (Elven Liu)

Find Target APK

Static Analysis

reset

Decompiler apk

Find Target*package Name *class*function

Create a Project

Import xposed api

write java code

Root

Hook Success

exposed install

Page 19: Android Hook - Xposed Framework (Elven Liu)

Hook System Clock

https://github.com/rovo89/XposedBridge/wiki/Development-tutorial

https://github.com/rovo89/XposedBridge/wiki/Development-tutorial
Page 20: Android Hook - Xposed Framework (Elven Liu)

Create a Project

Page 21: Android Hook - Xposed Framework (Elven Liu)

build.gradle

1

2

3

Page 22: Android Hook - Xposed Framework (Elven Liu)
Page 23: Android Hook - Xposed Framework (Elven Liu)

AndroidManifest.xml <meta-data

android:name="xposedmodule"

android:value="true"/>

<meta-data

android:name="xposeddescription"

android:value="Hooking Module for Clock" />

<meta-data

android:name="xposedminversion"

android:value="54" />

Page 24: Android Hook - Xposed Framework (Elven Liu)

assets

Page 25: Android Hook - Xposed Framework (Elven Liu)

create java class

• Xposed API

• http://api.xposed.info/reference/de/robv/android/xposed/XC_MethodHook.MethodHookParam.html

http://api.xposed.info/reference/de/robv/android/xposed/XC_MethodHook.MethodHookParam.html
Page 26: Android Hook - Xposed Framework (Elven Liu)

Demo

Page 27: Android Hook - Xposed Framework (Elven Liu)
Page 28: Android Hook - Xposed Framework (Elven Liu)

4 elven som bruksåre kari sanne havnevik

4 elven som bruksåre kari sanne havnevik

Documents
Lord of the Rings - An Elven Perspective

Lord of the Rings - An Elven Perspective

Entertainment & Humor
Elven Shamanic Healing - ana eugénio photography · Elven History Introduction Elven history is somewhat of a paradox. The elves are seen (not least by themselves) as a peaceful,

Elven Shamanic Healing - ana eugénio photography · Elven History Introduction Elven history is somewhat of a paradox. The elves are seen (not least by themselves) as a peaceful,

Documents
Elven Ranger 4.04

Elven Ranger 4.04

Documents
Elven Male Texturing

Elven Male Texturing

Design
2 elven som infrastruktur kari sanne havnevik

2 elven som infrastruktur kari sanne havnevik

Documents
BSidesROC 2016 - Jaime Geiger - Android Application Function Hooking With Xposed

BSidesROC 2016 - Jaime Geiger - Android Application Function Hooking With Xposed

Technology
Shadowrun: Elven Blood - DriveThruRPG.comwatermark.drivethrurpg.com/pdf_previews/105890-sample.pdf · 2 Elven Blood. . . CONTENTS . . . Writing: Russell Zimmerman Editing: Jason M

Shadowrun: Elven Blood - DriveThruRPG.comwatermark.drivethrurpg.com/pdf_previews/105890-sample.pdf · 2 Elven Blood. . . CONTENTS . . . Writing: Russell Zimmerman Editing: Jason M

Documents
Elven character research

Elven character research

Education
Elven Blood

Elven Blood

Documents
Elven Ranger 2.02

Elven Ranger 2.02

Documents
3- The Elven Crystals

3- The Elven Crystals

Documents
Elven Shamanic Healingapi.ning.com/.../ElvenShamanicHealing.pdf · Elven Shamanic Healing Presented by Vision in the Stars ... and fall of Netheril - arrogance, ambition and the undisciplined

Elven Shamanic Healingapi.ning.com/.../ElvenShamanicHealing.pdf · Elven Shamanic Healing Presented by Vision in the Stars ... and fall of Netheril - arrogance, ambition and the undisciplined

Documents
Elven Herigtage Legacy chapter 1.3: Domestic Bliss

Elven Herigtage Legacy chapter 1.3: Domestic Bliss

Education
The Elven Heritage Legacy 1.1: Arrival

The Elven Heritage Legacy 1.1: Arrival

Education
Surinamese contemporary art ezine: Sranan Art Xposed 4 (2011)

Surinamese contemporary art ezine: Sranan Art Xposed 4 (2011)

Documents
Elven Tower Presents - The Eye

Elven Tower Presents - The Eye

Documents
Special Event Proposal - "Elven Woodland Gala"

Special Event Proposal - "Elven Woodland Gala"

Career
Actualización Lollipop 5.0.2 en El Moto E, Xposed y Más

Actualización Lollipop 5.0.2 en El Moto E, Xposed y Más

Documents
Elven Dictionary

Elven Dictionary

Documents
Big data e xposed from big data to smart data

Big data e xposed from big data to smart data

Technology
D iabetics E xposed to T elmisartan a nd E nalapril

D iabetics E xposed to T elmisartan a nd E nalapril

Documents
Xposed framework

Xposed framework

Technology
Elven Shamanic Healing

Elven Shamanic Healing

Documents
Elven Phrases

Elven Phrases

Documents
Elven Glade Winery Digital Super Flyer

Elven Glade Winery Digital Super Flyer

Documents
SAFEWAY MEAT XPOSED - UC San Diego Library MEAT XPOSED RAUD firm, Agri-SCience Laboratories, Inc. of Hawthorne, California, which is certified by the U. S. Department of Agriculture

SAFEWAY MEAT XPOSED - UC San Diego Library MEAT XPOSED RAUD firm, Agri-SCience Laboratories, Inc. of Hawthorne, California, which is certified by the U. S. Department of Agriculture

Documents
En by på elven

En by på elven

Documents
Half Elven List

Half Elven List

Documents
Lorien & the Halls of the Elven Smiths

Lorien & the Halls of the Elven Smiths

Documents